Go beyond data integrity; Information chain management part one

by Carlo Candotti Executive Consultant & Partner @DOTS

The Industrial Revolution

The industrial revolution we are experiencing, strongly linked to Information & Communications Technologies (ICT) and the Internet economy, is characterized by 4.0 technologies and redefines the way of production. If we add to this the continuous change of business models, the boundaries between organization, technologies and the outside world become increasingly blurred, generating a highly indeterminate environment. 

Digitizing the company by reviewing internal processes is the challenge facing many companies with a global market. 

To the contrary, what we find in the market is that systems are often underused. The degree of satisfaction with IT integration among users is generally low, and the main topic discussed is that users ‘should work for the system instead of receiving any help for daily activities.’ 

Data Integrity_Candotti_Site PQE

Questions to be asked

The primary questions that must be answered before tackling this path, which is not purely technological, are: 

  • Is my ERP consistent with my company's mission? Inconsistencies could be due to technological limitations but also to changes in business or organizational models. A transformation initiative cannot be tackled by considering only the technological aspect without reviewing the processes. 
  • Is the data I get from the system reliable and unquestioned? An indicator is how much data present in ‘official systems’ is used to make important decisions, and how much it must be integrated with other tools (reprocessing, personal evaluations, Excel, etc.). Excessive use of personal IT tools (e.g., Excel) is often a sign of unreliability/incompleteness of company data. 
  • Can I measure the problems related to an incorrect flow of information? Often in an incorrectly mapped system, risks occur by performing the same activities several times causing problems both in terms of time spent and data quality. The need for independent paper-based controls or the use of paper as a data source instead of the system is an indication of poor reliability of the information creation process. 
  • Do I have the right perception of the obsolescence of the system? Obsolescence is also the use of expensive customizations that have now become standard. Checking the transactions used (especially if customized) is just a small and sometimes insufficient step; it is necessary to verify the efficiency of the process and, above all, to understand if the new features allow for a back to standard. 
  • Is there confidence that the system covers all recently introduced regulatory requirements?  New regulatory or updated versions regarding the Pharma industry (for example, FDA CFR 21 in the US or EU GMP Vol 4   (for Europe), but also other rules, for example for privacy actions (such as EU GDPR) or national rules for taxes and accounting. 

The big misunderstanding:  IT optimization is a matter of systems 

Generally, when there are problems in the IT environment, the first approach is to change the system, beginning with where the main problems have been found. 

But this approach, of course pushed by the system’s seller, is highly ineffective; the system is only a part of the problem. Often the primary issues are related to the organization (this is also shown by the system integrator, but only during the project) and a lack of clear knowledge of real information flows (often flows found in SOPs are quite different from reality, typically in less structured enterprises). 

In the life science sector, data integrity is a very common concept that is often declined, and again, related only to the system functionalities (audit trail, etc.). In reality, this approach is a ‘necessary and not sufficient condition’   to    have ‘real’ data integrity because the main threats are related to how the system is used. Nobody thought that  having qualified the equipment would confirm the product is good, but in my experience a  lot of  people  think that having validated  a system  (the IT equipment)   according to part  11 automatically they have complete data  integrity: this is one  of the major   problems in production, when equipment are qualified and afterwards, there is  the  batch record  to manage product  quality. In IT, generally the validation is related to each single  system. 

The topic:  consider the production of data compared to the physical supply chain 

It is common sense that information is   a company asset and that competition will be based upon information. 

Therefore, if it is true that a company produces both information   and product, we should compare how differently they are managed.  

Supply chain 

Information chain 

Company produces goods, transforming them from raw material to finished goods and distributes to customer. An effective supply chain is important for the company’s final results. 

 Diagram1_supply chain

 

Company produces information (labels, packaging, but also reports, certificates, etc.) for the market or notified or regulatory bodies. 

The information managed has an increasing value and high impact on company results and reputation. 

The physical management requires one or more sequences for receiving, controlling, stocking, transforming and sending goods. 

 Diagram2_supply chain

 

The process is very similar:  raw data is received, archived, transformed, etc., but there is a difference in managerial accountability: the warehouse is locked to preserve the goods (how is IT security managed?  How are information values preserved?) In the warehouse there are incoming and continuous controls to preserve the information. 

The process and company is controlled by many controllers; they can be customers,   notified bodies or regulatory bodies (FDA, AIFA, ANSM, etc.). 

The control is generally executed by inspections. 

To expose the quality of the process there is a documentation set (generally paper-based) that is shown.  

Diagram3_supply chain

 

The information chain is also controlled more and more   (and by multiple figures: e.g. GDPR, Finance, etc.). The control of the information chain  has these advantages: 

  • Can be done remotely (savings) 
  • Demonstrates the situation is not related to the instant of inspection.  

The point of data integrity is due to the need to have data that completely match the process. 

For this reason, the documentation-set paper base can become a huge burden since it should be justified against the data in the system:  we hope that the quality should no longer be evaluated on the weight of paper. 

Cost control: there are multiple methodologies to keep costs under control. 

What will happen if we try to calculate the costs for all information chains? Everyone in the company works at the information chain level   (more than in the physical level), and should be calculating: 

  •  The direct costs of creation/manipulation/verification of  data  but also indirect costs: 
  • The impact on lines’ overall equipment effectiveness (OEE), which is used to calculate the efficiency of production, for final batch record review done by post when   data are present and available in the line and should be automatically verified. 

With respect to the managerial aspect, the difference is bigger: the supply chain is generally managed by a supply manager (sometimes a production manager is the deputy) that coordinates all phase of processes inside the company. 

Situations regarding information chains vary: in some small companies, IT doesn’t exist! In larger companies, instead of thinking of the information chain, products are referred to (ERP, MES, SCADA   etc.), and often, there is a clear separation from IT and OT: the megatrends (data integrity, but also   industry 4.0) require a holistic vision of the entire flow that manages information. 

 

Key takeaways

  • A lot of information for the market must be produced 
  • Many (always more) look at the information that has been produced 
  • Information is the basis of one’s reputation 
  • Information (creation , management, etc.) carries a high cost 
  • Companies don't have anyone who does INFORMATION CHAIN ​​MANAGEMENT internally; at most it has more or less extensive computer systems/equipment technicians (not always interconnected)  
  • The paper process is ineffective and expensive  

AND with the huge increase of data and integration required by industry 4.0, the problem has become bigger. 

It is clear that the problem is: 

  • MANAGERIAL - Who is the owner of the information CHAIN ​​MANAGEMENT processes? 
  • What is the role of IT? 
  • ORGANIZATIONAL-MANAGEMENT - how flows are managed - how do I get the data just once and only in one place?  
  • TECHNICIAN – are IT tools adequate, how is the decision-making process, etc.? 

So, according to the physical flow we NEED TO SPEAK ABOUT INFORMATION CHAIN MANAGEMENT and we   have created many projects to integrate    system functionalities, information flows reducing  the   effort in producing/managing information,  and in the meantime, to increase  the  quality of data. 

From these experiences we were able to create a knowledge base and a specific analysis methodology to speed   up the assessment projects, overcoming the old concept of AS IS analysis versus TO BE analysis.  

Want to know more?

PQE Group staff comprises experienced and skilled experts in multidisciplinary teams, available to support your company achieving the highest levels of safety for your systems. Visit our Digital Governance services page to know more or to contact us, and find the most suitable solution for your company.

Connect with us